I have a domain controller running 2003 R2. The server behaves very well when restarted daily; however, each day it is not restarted, there's a process called "System" that takes enormous chunks of CPU time (up to 95%).

What I tried so far: Process Explorer (ex-Sysinternals) shows that the "System" process has no sub-processes. In the "Threads" tab of the detailed view I can see that >90% of the CPU time is used up by "ntkrnlpa.exe+0x803c0". The "Interrupts" process is running at 3-5% of CPU time; I'm not sure if this accounts for the amount of CPU time that System takes.

1 Answer

ntkrnlpa.exe is the NT kernel, and most problems that trace back to the kernel are actually caused by 3rd party drivers loaded into the kernel.

Drivers such as those found in AV products.

I'd bet anything that it's Kaspersky causing your problems, and I'd like to echo TomTom's comment about why you'd have endpoint security on a DC/DNS/backup server. If you must have AV on your servers, Kaspersky has a client specifically for Windows Server OSes that you should be using instead of their endpoint security client. (Personally, I prefer to keep my servers free of viruses by keeping the users away from them, but YMMV and all that.)

Thanks for answering. As the server works as a file share for all our users, we will need antivirus protection, especially while backing up the data. Therefore, we installed Endpoint Security, which is supported on servers as well. The version we had before, Antivirus, was not, so we switched.
– Dabu Jun 19 '12 at 13:10